I have a question. I need to configure PKI Operations now. I found the "Adding Matching Criteria to the Validation Process" material in the CheckPoint help documents, but I can't find where to configure it.
Because I have not built an externally managed VPN entity (my VPN is "client to site", not "site to site"), I want to ask where to set up "Matching Criteria" as described in "Adding Matching Criteria to the Validation Process".
The following is the configuration procedure from the "PKI" document:
Adding Matching Criteria to the Validation Process
The certificates of an externally managed VPN entity are not handled by the local SmartCenter server. However, you can force a peer to present a particular certificate when creating a VPN tunnel, as follows:
1. Open the VPN page of the externally managed VPN entity.
2. Click Matching Criteria...
3. Choose the desired characteristics of the certificate the peer is expected to present, including:
   - the CA that issued it
   - the exact DN of the certificate
   - select the IP address that appears in the Subject Alternate Name extension of the certificate.
     This IP address is compared to the IP address of the VPN peer itself as it appears to the VPN-1 module during the IKE negotiation.
   - the e-mail address appearing in the Subject Alternate Name extension of the certificate
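
The four criteria in the quoted procedure, written out as a check (an added example, not part of the original post and not Check Point's implementation). The function and key names are hypothetical, the certificate is a constructed sample in the layout Python's `ssl.SSLSocket.getpeercert()` returns, and it assumes every selected criterion must hold.

```python
import ipaddress

# Constructed sample, in the dict layout returned by ssl.SSLSocket.getpeercert().
PEER_CERT = {
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example VPN CA"),)),
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "gw-branch"),)),
    "subjectAltName": (("IP Address", "192.0.2.10"),
                       ("email", "vpn-admin@example.com")),
}

def dn_string(rdns):
    """Flatten getpeercert() RDN tuples into 'attr=value,attr=value'."""
    return ",".join(f"{attr}={value}" for rdn in rdns for attr, value in rdn)

def san_values(cert, kind):
    """All Subject Alternative Name entries of one kind, e.g. 'IP Address'."""
    return [value for k, value in cert.get("subjectAltName", ()) if k == kind]

def failed_criteria(cert, peer_ip, criteria):
    """Return the names of the selected criteria the certificate fails.

    Assumption: every criterion the administrator selected must hold, and
    criteria that were not selected are ignored. Run this only after normal
    chain validation; it narrows which valid certificate is accepted.
    """
    failed = []
    if "issuer_dn" in criteria and dn_string(cert["issuer"]) != criteria["issuer_dn"]:
        failed.append("issuer_dn")
    if "subject_dn" in criteria and dn_string(cert["subject"]) != criteria["subject_dn"]:
        failed.append("subject_dn")
    if criteria.get("san_ip_is_peer_ip"):
        # Compare parsed addresses so textual variants of one IP still match.
        peer = ipaddress.ip_address(peer_ip)
        san_ips = set()
        for text in san_values(cert, "IP Address"):
            try:
                san_ips.add(ipaddress.ip_address(text.strip()))
            except ValueError:
                pass  # a malformed SAN entry can never satisfy the criterion
        if peer not in san_ips:
            failed.append("san_ip")
    if "san_email" in criteria and criteria["san_email"] not in san_values(cert, "email"):
        failed.append("san_email")
    return failed
```

The SAN IP criterion ties the certificate to the address the peer actually negotiates from, so a valid certificate presented from a different address is reported under `san_ip`.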